Secure transit mode for electronic device

ABSTRACT

A computer implemented method of preparing an electronic device for transport to a destination includes activating a secure transport function for an electronic device and receiving a selection of at least two transport mode options. The transport mode options may include placing the electronic device in a shipping mode to disconnect a device battery until the device is reconnected to a power adapter, performing an encryption on selected data stored on the device, capturing a connection fingerprint of gateways upon power on during transport, and logging power on hours during transport. The method includes applying, via the secure transport mode function, the selected transport mode operations prior to transport.

BACKGROUND

Electronic devices, such as laptop computers and phones can be returnedby customers for many different reasons, such as disposal, updating,repair, and other reasons. Managing the return of such devices in asecure manner may referred to as asset recovery services, or ARS. Thedevices may be packaged on a pallet and include physical locking devicesin addition to normal access security provided by the devicesthemselves. These security measures are insufficient to prevent againsta determined entity from stealing devices during transit and using manydifferent means of accessing sensitive data that may be stored on thedevices, such as by disassembly.

SUMMARY

A computer implemented method of preparing an electronic device fortransport to a destination includes activating a secure transportfunction for an electronic device and receiving a selection of at leasttwo transport mode options. The transport mode options may includeplacing the electronic device in a shipping mode to disconnect a devicebattery until the device is reconnected to a power adapter, performingan encryption on selected data stored on the device, capturing aconnection fingerprint of gateways upon power on during transport, andlogging power on hours during transport. The method includes applying,via the secure transport mode function, the selected transport modeoperations prior to transport.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram representation of a device having a securetransport function with selectable options for protecting and monitoringthe device during transport according to an example embodiment.

FIG. 2 is an example, of a history or record of detected availableconnections or connections made, such as gateways during transportaccording to an example embodiment.

FIG. 3 is a block diagram illustrating operation of the encrypt dataoption according to an example embodiment.

FIG. 4 is a flowchart of a computer implemented method of preparing anelectronic device for transport to a destination according to an exampleembodiment.

FIG. 5 is a flowchart of a computer implemented method of preparing anelectronic device for transport to a destination according to an exampleembodiment.

FIG. 6 is a block schematic diagram of a computer system to implementone or more example embodiments.

DETAILED DESCRIPTION

In the following description, reference is made to the accompanyingdrawings that form a part hereof, and in which is shown by way ofillustration specific embodiments which may be practiced. Theseembodiments are described in sufficient detail to enable those skilledin the art to practice the invention, and it is to be understood thatother embodiments may be utilized and that structural, logical andelectrical changes may be made without departing from the scope of thepresent invention. The following description of example embodiments is,therefore, not to be taken in a limited sense, and the scope of thepresent invention is defined by the appended claims.

The functions or algorithms described herein may be implemented insoftware in one embodiment. The software may consist of computerexecutable instructions stored on computer readable media or computerreadable storage device such as one or more non-transitory memories orother type of hardware-based storage devices, either local or networked.Further, such functions correspond to modules, which may be software,hardware, firmware or any combination thereof. Multiple functions may beperformed in one or more modules as desired, and the embodimentsdescribed are merely examples. The software may be executed on a digitalsignal processor, ASIC, microprocessor, or other type of processoroperating on a computer system, such as a personal computer, server orother computer system, turning such computer system into a specificallyprogrammed machine.

The functionality can be configured to perform an operation using, forinstance, software, hardware, firmware, or the like. For example, thephrase “configured to” can refer to a logic circuit structure of ahardware element that is to implement the associated functionality. Thephrase “configured to” can also refer to a logic circuit structure of ahardware element that is to implement the coding design of associatedfunctionality of firmware or software. The term “module” refers to astructural element that can be implemented using any suitable hardware(e.g., a processor, among others), software (e.g., an application, amongothers), firmware, or any combination of hardware, software, andfirmware. The term, “logic” encompasses any functionality for performinga task. For instance, each operation illustrated in the flowchartscorresponds to logic for performing that operation. An operation can beperformed using, software, hardware, firmware, or the like. The terms,“component,” “system,” and the like may refer to computer-relatedentities, hardware, and software in execution, firmware, or combinationthereof. A component may be a process running on a processor, an object,an executable, a program, a function, a subroutine, a computer, or acombination of software and hardware. The term, “processor,” may referto a hardware component, such as a processing unit of a computer system.

Furthermore, the claimed subject matter may be implemented as a method,apparatus, or article of manufacture using standard programming andengineering techniques to produce software, firmware, hardware, or anycombination thereof to control a computing device to implement thedisclosed subject matter. The term, “article of manufacture,” as usedherein is intended to encompass a computer program accessible from anycomputer-readable storage device or media. Computer-readable storagemedia can include, but are not limited to, magnetic storage devices,e.g., hard disk, floppy disk, magnetic strips, optical disk, compactdisk (CD), digital versatile disk (DVD), smart cards, flash memorydevices, among others. In contrast, computer-readable media, i.e., notstorage media, may additionally include communication media such astransmission media for wireless signals and the like.

Security measures for transporting electronic devices such as computersstoring customer sensitive data can be lacking. While palletization andlocking measure may be employed, it is still possible for a bad actor tointercept and access the devices during transport. Upon receipt at adestination, the access that occurred may not be detectible, leaving thepotential for customer data to have been breached without knowledge ofthe breach having occurred. Customers may not know to take steps toprevent nefarious use of the breached customer data.

A secure transport mode function enables users to protect electronicdevices during transport to a destination. The destination may be amanufacturer or distributor of electronic devices performing assetrecovery. Asset recovery may be performed for a variety of situations,such as updates, repair, or scrapping. It is important that the data onassets being recovered is protected.

The secure transport function in one example enables a user to selecttwo or more transport function mode options for execution prior toshipping the device. Example transport function mode options includeplacing the electronic device in a shipping mode to disconnect a devicebattery until the device is reconnected to a power adapter, performingan encryption on selected data stored on the device, capturing aConnection fingerprint of connections, such as wireless local areanetwork (WLAN), wireless wide area network (WWAN), and Bluetoothgateways upon power on during transport, and logging power on hoursduring transport. The selected options are applied via the securetransport mode function just prior to transport.

Upon receipt at the destination, data collected via some of the selectedoptions may be provided to detect whether or not unauthorized access tothe device was attempted during transport.

FIG. 1 is a block diagram representation of a device 100 having a securetransport function with selectable options for protecting and monitoringdevice 100 during transport. Device 100 may be an electronic device thatcan process information, such as a laptop device, tablet, or smartphone.

In one example, device 100 includes a keyboard 110 and a display 115.Display 115 is shown cut away to illustrate that device 100 includeselectronics, such as a system board 120 and a battery 125 for providingpower to the device. Display 115 is shown displaying a secure transportmode function checkbox 130, which when selected, causes display ofmultiple transport mode options 135.

The transport options in one example include connection fingerprint 140,log power on 145, enter ship mode 150, and encrypt data 155, and may beselected via respective checkboxes. While checkboxes are shown anddescribed as a means for selecting functions and options, other userinterface constructs may be used, such as clicking on words or iconsassociated with the functions or options to select the function oroption. The options may be highlighted upon selection to provide a userperceivable indication that an option has have been selected. Uponcompletion of selecting the options, a user may select to continue 157to cause execution of the options.

Device 100 may also include additional components such as a chargingport 160 or coupling the battery 125 to an AC adapter, referred to ascharger device 165. Battery 125 may also include firmware 170. Systemboard 120 or other electronics of device 100 may include a BIOS 175 andcircuitry, such as CMOS circuitry that is powered by a separate battery180. System board 120 may also include a wireless transceiver 185. Theadditional components of device 100 may be used in implementing one ormore of the selected options 135.

In one example, the ability to select the transport options 135 may beinitiated by navigating from the start menu to a settings menu thatincludes the ability to select the secure transport mode function suchas checkbox 130. A command may be used to reach a bios setup menu. Infurther examples, a physical switch may be selected, or a combination ofkeys, a series of button presses such as power key held in whilepressing the esc key multiple times. In response, the device 100 canprompt the user for entering secure transit mode and initiate display ofthe transport options 135 or even straight into pre-selected transportoptions.

A separate device, such as a USB device 190 may be plugged into a porton device 100. The device 190 may include script to put device 100 intothe transport mode with preselected options or cause the display ofoptions. The separate device 190 may use a trusted device handshake andboot the device 100 into the secure transit mode.

To take the device out of the transport mode, depending on optionsselected, a separate USB device may be utilized, or the device 100 maybe coupled to the charger 165.

The connection fingerprint option 140 captures and stores a record ofall known WLAN, WWAN, and Bluetooth gateways that are detected uponpowering on device 100. The record is accessible to a deviceadministrator. In one example, a snapshot of every gateway within rangeis captured and saved on non-volatile memory. In one example, thesnapshot may be sent to the administrator via a connection that may beestablished during transport or on receipt at the destination.

FIG. 2 is an example, of a history or record 200 of detected availableconnections or connections made, such as gateways during transport. Therecord 200 may include a connection name 210, address 215 (such as an IPaddress), time range 220 that identifies the beginning and end of timethat the connection was within range or actually connected and a date225. In example record 200, a first row 230 identifies an owner/userconnection that was connected at the time transport mode was entered. Afinal row 235 identifies a destination connection that was within rangeat the time device 100 is turned on to inspect transport events that mayhave occurred. The rows may be organized by date and time, name, or anyother desired column values.

Record 200 also indicates that during transport, three connections weredetected at rows 240, 245, and 250. Rows 240 and 245 indicate that oneday after transport began, a device power on event must have occurred asthe device detected gateways A and B within range. The event isindicative of a first bad actor having accessed the device. Row 250indicate that one day later, the device was accessed again, resulting indetection of gateway C. Two days later, the device reached itsdestination. The record 200 indicates that two separate events occurred.The IP addresses and names of the gateways may provide information forinvestigation to help identify the bad actor or bad actors responsiblefor the events.

Connections may pertain to both connections to Wi-Fi networks, a form ofWLAN, and connections to other non-Wi-Fi networks, such as Bluetoothnetworks, ethernet networks, connection between a user device and anautomated teller machine (ATM), and connection between two user devicesvia near-field communication (NFC). Another example is connection toanother device via a virtual private network (VPN). In this regard, anetwork connection may be a connection for communication between onlytwo devices such as a smart phone and vehicle via Bluetooth, or aconnection for communication with more than two devices such as mightoccur when connecting to a Wi-Fi network to browse Internet websites.

The log power on option 145 cause logging of power on hours in responseto the option being executed. In one example, an existing BIOS featuremay be used to log the power on hours. Turing on BIOS feature makes useof the CMOS battery 180 to power CMOS circuitry on the system board 120to keep time as well as detecting powering the device 100 on and off.The logged power on and off data may be stored on non-volatile storageon the system board 120 even if the main battery 125 is disconnected viaa different option. The logged power on and off data may then beobtained by the administrator at the destination to determine whether ornot the device 100 was powered on by a bad actor during transport.

The enter ship mode option 150 may utilize an existing ship modefunction of the device 100. The ship mode function disables the main,onboard, battery 125 until an AC adapter such as charger 165 is pluggedinto charging port 170, which may include a sensing device to determinea charger has been connected to the port. A line 192 communicates thesensed connection and provides an indication to the system board 120,which takes the device out of ship mode, reconnecting the battery 125 topower the system board and other electronic components of device 100.Battery 180 may be used to process the indication to effect the exitfrom ship mode.

The ship or shipping mode function is used for reducing batteryconsumption by cutting off the current path to the device 100 at its OFFstate. Battery powered portable devices use this or a similar functionto suppress the battery power consumption after manufacturing untildelivery to the end user. The ship mode function may be entered byflipping a hit via a BIOS setting that disables the battery dischargevia a switch, such as an PET, and reenables battery discharge whenconnected to charger 165. In one example, ship mode may be enabled usingthe F1 key and selecting Setup->Config->Power->Disable Internal Battery.This same sequence may be performed by selecting enter ship mode 150from options 135 and selecting continue 157, or as part of a preselectedset of options used when selecting to enter secure transit mode usingpreselected options.

The ship mode function may utilize battery 125 firmware 170 to monitorand log internal data, such as cell voltage and cumulative count ofpower on time such as by hour or minute. Disconnecting the battery fromthe remainder of system 100 does not disrupted the powering of thefirmware 170 which is integrated with the battery 125. A counter fieldmay be incremented continuously. The count is captured at time securetransit mode entered. A serial number of battery may also be stored toensure that the same battery is in place at the destination. This mayhelp detect if the battery was replaced in order for a bad actor to gainaccess during transport. The firmware 170 may also monitor and storeinformation from any installed tamper switch or switched indicated at197.

FIG. 3 is a block diagram illustrating operation of the encrypt dataoption 155 generally at 300. The encrypt data option 155 may be selectedand executed to perform a base level encryption on selected datapreviously identified by the user. The encrypt data option may beselected at 310 and generate a view of storage 315 with options 320 toselect one or more areas of storage, such as user data 325 or varioususer folders 330 and 335 which may contain sensitive data. Rather thanencrypting the entire storage 310, which also includes system data 340,the user can select either all of the user data, or only selectedportions of user data that are known to contain sensitive informationthat the user would not like exposed to bad actors. The ability toselect selected portions results in much less work and time beingrequired to encrypt the smaller amount of data. Encryption of theselected data may be a better option that reformatting or otherwisedestroying data to protect form access during transport. Reformattingcan take more time and may not be effective. Destroying the data resultsin loss of unbacked up data. Encryption provides protection without lossof the data.

In one example, the selection of transport mode may default to the userdata 325 which may include an entire user directory or folder. In otherexamples the user may have previously selected storage areas to protect.In still other examples, selection of the encrypt data option 157 mayresult in display of the encrypt options 320 for selection by the user.

A decryption key may be generated at 345 on entering the encryptionoption in the secure transport mode. A pseudo random key may begenerated to encrypt using a symmetric or asymmetric key. The key may besent to receiver/destination of the device 100, optionally using ahandshake to ensure the key has been received at the destination priorto encrypting the information.

In one example, the USB device 190 may store the key and automaticallycheck to confirm at that the key works. The USB device 190 may be sentseparately, or the key may be sent separately to the destination. Onconfirmation that the key works or that the key has been received at thedestination, the selected data is encrypted at 355.

Other options may be selected in further examples, such as ensuring thata tamper switch has been set. Upon receipt at the destination, thetamper switch, or data captured from the tamper switch may be inspectedto determine if the tamper switch was tripped. A bad actor may havesimply removed the storage 315, such as a disk drive or solid-statedrive. The tamper switch may detect such acts.

FIG. 4 is a flowchart of a computer implemented method 400 of preparingan electronic device for transport to a destination. Method 400 startsat operation 410 by activating a secure transport function for anelectronic device. An encryption is performed on selected data stored onthe device at operation 420. The electronic device is placed in ashipping mode at operation 430 to disconnect a device battery until thedevice is reconnected to a power adapter. Upon receipt at thedestination, at operation 440, power is received from a power adapter. Akey is received or used to decrypt the selected data at operation 450.

In one example, method 400 also includes monitoring and logging power-onhours via a device battery function during transport and providing thelog for inspection at the destination to determine power-on informationduring transport.

FIG. 5 is a flowchart of a computer implemented method 500 of preparingan electronic device for transport to a destination. Method 500 startsat operation 510 by activating a secure transport function for anelectronic device. At operation 520, a selection of at least twotransport mode options is received. The options may be selected from thegroup consisting of placing the electronic device in a shipping mode todisconnect a device battery until the device is reconnected to a poweradapter at 530, performing an encryption on selected data stored on thedevice at 540, capturing a connection fingerprint of gateways upon poweron during transport at 550. and logging power on hours during transportat 560. At operation 570, the elected transport mode options areperformed via the secure transport mode function prior to transport.

The various options are designed to both protect data and to detect thatdata has been accessed during transport. The fingerprint and logpower-on options are directed toward detecting that data has beenaccessed. The ship mode and encryption options are directed towardprotecting data. The ability to select from the multiple options allowsusers and administrators to design protection commensurate with thesensitivity or value of the data stored on devices to be recovered viatransport. The use of the various options significantly decreases therisk of data breach during asset recovery operations and may lower theneed for pickup insurance. The protection provided may help meetsecurity requirements that may be more stringent in healthcareapplications where data security is paramount.

FIG. 6 is a block schematic diagram of a computer system 600 to performsecure transport functions and for performing methods and algorithmsaccording to example embodiments. All components need not be used invarious embodiments.

One example computing device in the form of a computer 600 may include aprocessing unit 602, memory 603, removable storage 610, andnon-removable storage 612. Although the example computing device isillustrated and described as computer 600, the computing device may bein different forms in different embodiments. For example, the computingdevice may instead be a smartphone, a tablet, smartwatch, smart storagedevice (SSD), or other computing device including the same or similarelements as illustrated and described with regard to FIG. 6 . Devices,such as smartphones, tablets, and smartwatches, are generallycollectively referred to as mobile devices or user equipment.

Although the various data storage elements are illustrated as part ofthe computer 600, the storage may also or alternatively includecloud-based storage accessible via a network, such as the Internet orserver-based storage. Note also that an SSD may include a processor onwhich the parser may be run, allowing transfer of parsed, filtered datathrough I/O channels between the SSD and main memory.

Memory 603 may include volatile memory 614 and non-volatile memory 608.Computer 600 may include—or have access to a computing environment thatincludes—a variety of computer-readable media, such as volatile memory614 and non-volatile memory 608, removable storage 610 and non-removablestorage 612. Computer storage includes random access memory (RAM), readonly memory (ROM), erasable programmable read-only memory (EPROM) orelectrically erasable programmable read-only memory (EEPROM), flashmemory or other memory technologies, compact disc read-only memory (CDROM), Digital Versatile Disks (DVD) or other optical disk storage,magnetic cassettes, magnetic tape, magnetic disk storage or othermagnetic storage devices, or any other medium capable of storingcomputer-readable instructions.

Computer 600 may include or have access to a computing environment thatincludes input interface 606, output interface 604, and a communicationinterface 616. Output interface 604 may include a display device, suchas a touchscreen, that also may serve as an input device. The inputinterface 606 may include one or more of a touchscreen, touchpad, mouse,keyboard, camera, one or more device-specific buttons, one or moresensors integrated within or coupled via wired or wireless dataconnections to the computer 600, and other input devices. The computermay operate in a networked environment using a communication connectionto connect to one or more remote computers, such as database servers.The remote computer may include a personal computer (PC), server,router, network PC, a peer device or other common data flow networkswitch, or the like. The communication connection may include a LocalArea Network (LAN), a Wide Area Network (WAN), cellular, Wi-Fi,Bluetooth, or other networks. According to one embodiment, the variouscomponents of computer 600 are connected with a system bus 620.

Computer-readable instructions stored on a computer-readable medium areexecutable by the processing unit 602 of the computer 600, such as aprogram 618. The program 618 in some embodiments comprises software toimplement one or more methods described herein. A hard drive, CD-ROM,and RAM are some examples of articles including a non-transitorycomputer-readable medium such as a storage device. The termscomputer-readable medium, machine readable medium, and storage device donot include carrier waves or signals to the extent carrier waves andsignals are deemed too transitory. Storage can also include networkedstorage, such as a storage area network (SAN). Computer program 618along with the workspace manager 622 may be used to cause processingunit 602 to perform one or more methods or algorithms described herein.

Examples

-   -   1. A computer implemented method of preparing an electronic        device for transport to a destination, the method includes        activating a secure transport function for an electronic device,        performing an encryption on selected data stored on the device,        and placing the electronic device in a shipping mode to        disconnect a device battery until the device is reconnected to a        power adapter. Upon receipt at the destination, the method        includes receiving power from a power adapter and receiving a        key to decrypt the selected data.    -   2. The method of example 1 and further including monitoring and        logging power-on hours via a device battery function during        transport and providing the log for inspection to determine        power-on information during transport.    -   3. The method of any of examples 1-2 wherein placing the device        in the shipping mode is performed by flipping a bit via a BIOS        setting to disable battery discharge via a switch.    -   4. The method of any of examples 1-3 wherein firmware in the        device battery monitors and logs power on times.    -   5. The method of any of examples 1-4 wherein performing the        encryption includes generating a key for decryption, sending the        key to the destination, and confirming receipt of the key by the        destination prior to performing the encryption.    -   6. The method of example 5 wherein the key and code for        execution to perform the method are stored on separate device        for coupling to the electronic device via a port.    -   7. The method of any of examples 5-6 wherein the selected data        includes selected user data.    -   8. The method of example 7 wherein the user selected data is        identified by generating an interface to facilitate selection of        user folders.    -   9. The method of any of examples 1-8 and further including        engaging a fingerprint function to capture a connection        fingerprint identifying each connection detected upon power-on        during transport.    -   10. The method of example 9 and further including providing the        connection fingerprint for inspection at the destination.    -   11. The method of any of examples 9-10 wherein the fingerprint        includes a connection name, IP address, and time for each        connection detected.    -   12. The method of example 11 wherein the connections include        wireless local area network (WLAN) connections, wireless wide        area network (WWAN) connections, Bluetooth connections, ethernet        connections, and near field communication (NFC) connections.    -   13. A computer implemented method of preparing an electronic        device for transport to a destination includes activating a        secure transport function for an electronic device and receiving        a selection of at least two transport mode options. The        transport mode options may include placing the electronic device        in a shipping mode to disconnect a device battery until the        device is reconnected to a power adapter, performing an        encryption on selected data stored on the device, capturing a        connection fingerprint of gateways upon power on during        transport, and logging power on hours during transport. The        method includes applying, via the secure transport mode        function, the selected transport mode operations prior to        transport.    -   14. The method of example 13 and further including upon receipt        at the destination, providing data collected via the selected        options.    -   15. The method of any of examples 13-14 wherein performing the        encryption includes generating a key for decryption, sending the        key to the destination, and confirming receipt of the key by the        destination prior to performing the encryption.    -   16. The method of example 15 wherein the key and code for        execution to perform the method are stored on separate device        for coupling to the electronic device via a port.    -   17. The method of any of examples 15-16 wherein the selected        data comprises selected user data.    -   18. The method of example 17 wherein the user selected data is        identified by generating an interface to facilitate selection of        user folders.    -   19. The method of any of examples 13-18 wherein the fingerprint        includes a connection name, IP address, and time for each        connection detected and wherein the connections include wireless        local area network (WLAN) connections, wireless wide area        network (WWAN) connections, and Bluetooth connections, ethernet        connections, and near field communication (NFC) connections.    -   20. A device includes a processor and a memory device coupled to        the processor and having a program stored thereon for execution        by the processor to perform operations to prepare an electronic        device for transport to a destination, the operations        comprising:    -   activating a secure transport function for an electronic device;    -   performing an encryption on selected data stored on the device;    -   placing the electronic device in a shipping mode to disconnect a        device battery until the device is reconnected to a power        adapter; and    -   upon receipt at the destination; and    -   upon receipt at the destination:        -   receiving power from a power adapter; and        -   receiving a key to decrypt the selected data.

Although a few embodiments have been described in detail above, othermodifications are possible. For example, the logic flows depicted in thefigures do not require the particular order shown, or sequential order,to achieve desirable results. Other steps may be provided, or steps maybe eliminated, from the described flows, and other components may beadded to, or removed from, the described systems. Other embodiments maybe within the scope of the following claims.

1. A computer implemented method of preparing an electronic device fortransport to a destination, the method comprising: activating a securetransport function for an electronic device; performing an encryption onselected data stored on the device; placing the electronic device in ashipping mode to disconnect a device battery until the device isreconnected to a power adapter; and upon receipt at the destination:receiving power from the power adapter; and receiving a key to decryptthe selected data.
 2. The method of claim 1 and further comprising:monitoring and logging power-on hours via a device battery functionduring transport; and providing the log for inspection to determinepower-on information during transport.
 3. The method of claim 1 whereinplacing the device in the shipping mode is performed by flipping a bitvia a BIOS setting to disable battery discharge via a switch and whereinthe device battery is reconnected in response to receiving power fromthe power adapter.
 4. The method of claim 1 wherein firmware in thedevice battery monitors and logs power on times.
 5. The method of claim1 wherein performing the encryption comprises: generating the key fordecryption; sending the key to the destination; and confirming receiptof the key by the destination prior to performing the encryption.
 6. Themethod of claim 5 wherein the key and code for execution to perform themethod are stored on separate device for coupling to the electronicdevice via a port.
 7. The method of claim 5 wherein the selected datacomprises selected user data.
 8. The method of claim 7 wherein the userselected data is identified by generating an interface to facilitateselection of user folders.
 9. The method of claim 1 and furthercomprising engaging a fingerprint function to capture a connectionfingerprint identifying each connection detected upon power-on duringtransport.
 10. The method of claim 9 and further comprising providingthe connection fingerprint for inspection at the destination.
 11. Themethod of claim 9 wherein the fingerprint includes a connection name, IPaddress, and time for each connection detected.
 12. The method of claim11 wherein the connections include wireless local area network (WLAN)connections, wireless wide area network (WWAN) connections, Bluetoothconnections, ethernet connections, and NFC connections.
 13. A computerimplemented method of preparing an electronic device for transport to adestination, the method comprising: activating a secure transportfunction for an electronic device; receiving a selection of at least twotransport mode options selected from the group consisting of: placingthe electronic device in a shipping mode to disconnect a device batteryuntil the device is reconnected to a power adapter; performing anencryption on selected data stored on the device; capturing a connectionfingerprint of gateways upon power on during transport; and loggingpower on hours during transport; and applying, via the secure transportmode function, the selected transport mode operations prior totransport.
 14. The method of claim 13 and further comprising: uponreceipt at the destination, providing data collected via the selectedoptions.
 15. The method of claim 13 wherein performing the encryptioncomprises: generating a key for decryption; sending the key to thedestination; and confirming receipt of the key by the destination priorto performing the encryption.
 16. The method of claim 15 wherein the keyand code for execution to perform the method are stored on separatedevice for coupling to the electronic device via a port.
 17. The methodof claim 15 wherein the selected data comprises selected user data. 18.The method of claim 17 wherein the user selected data is identified bygenerating an interface to facilitate selection of user folders.
 19. Themethod of claim 13 wherein the fingerprint includes a connection name,IP address, and time for each connection detected and wherein theconnections include wireless local area network (WLAN) connections,wireless wide area network (WWAN) connections, and Bluetoothconnections, ethernet connections, and NFC connections.
 20. A devicecomprising: a processor; and a memory device coupled to the processorand having a program stored thereon for execution by the processor toperform operations to prepare an electronic device for transport to adestination, the operations comprising: activating a secure transportfunction for an electronic device; performing an encryption on selecteddata stored on the device; placing the electronic device in a shippingmode to disconnect a device battery until the device is reconnected to apower adapter; and upon receipt at the destination: receiving power froma power adapter; and receiving a key to decrypt the selected data.